India's Cyber Security Status During Demonetization

The Times They Are A-Changin’, crooned Bob Dylan way back in 1964. Fast forward to 2016, the words hauntingly resonate with us a lot more in these digitally tryingtimes. While Prime Minister Narendra Modi’s latest war on corruption, tax evasion, and terrorism by going cashless is in full swing as you read, we still find ourselves miserably underequipped to tackle a looming threat to India’s cyber security with the rise of a new digital economy.
With Rs. 500 and Rs. 1,000 currency notes as legal tender gone for good, combined with only a trickle of new ones making their way into the market, a chunk of us have already turned to digital means of transactions. But, India lacks laws to protect consumers if they lose money during digital transactions. India’s cyber security stands on shaky grounds.
The Narendra Modi government’s demonetisation move might have warranted an increase in transaction activity on digital wallets massively, but measures to ensure the underlying cyber security parameters for digital payments are still kept largely under the ambit of the Information Technology (IT) Act.
“We don’t have any dedicated laws on digital payments. That’s very important to grant complete legality and remove doubts and clarifications pertaining to legal efficacies and legal validity of digital payments,” says Pavan Duggal, an advocate in the Supreme Court specializing in cyber law.
The Reserve Bank of India (RBI) has acted like a sentinel for all the banks in our country for as long as one can remember; security and privacy standards have always been pretty much at par with any developed nation in the world, but when it comes to digital wallets, in all honesty, RBI is still staring into the fog.
Though, it will be unfair to put the entire blame on RBI. Digital wallets such as Paytm, FreeCharge, MobiKwik, etc., fall under the category of non-banking financial corporations (NBFCs). This excludes them from the ambit of any of RBI’s governing laws. For fin-tech companies in India today, security compliance falls under Section 43 A of the IT Act.
Today, money transactions taking place between an e-wallet service provider and a user are still merely contractual transactions, and as Pavan Duggal puts it, “they can be easily repudiated.” There’s a heightened urgency to legally fortify digital transactions in India ASAP, this is not only to ensure the safety of consumer money but is also for the safety of the e-wallet service provider companies themselves.

While maintaining security standards for fin-tech companies falls under the data protection law of the IT Act, the lack of an enforcement mechanism hinders any good this can do.
Since the time Modi dropped the demonetization bomb on all of us, digital wallet firms, most notably, Paytm, have seen as much as 35 million transactions by its users to either buy goods and services or transfer funds to another account. Their rival, FreeCharge, has even gone ahead and collaborated with the police forces of Mumbai to pay traffic fines using its platform.
I couldn’t agree less, just yesterday I paid via Paytm at a non-discreet milk kiosk. There’s definitely heightened levels of consciousness and awareness among traders and customers, though, all of it largely stems from their utter helplessness.
Yes, it has been crippling for a lot of us. But this shouldn’t come as a surprise, according to estimates, between 90 and 98 percent of all transactions in India, measured in terms of volume, involved paper currency until a month ago. And, with 86% of cash gone from the market over midnight, going digital is becoming is the only way forward.
To help you feel a little better about this situation, the government may now be able to tax more than what it has been taxing till now: a shameful 1% of the population only (as observed in a BBC report). As Kaushik Basu, a former chief economic adviser to the Indian government, recently noted at the New York Times, the most reliable estimate of India’s “shadow economy,” or the untaxed part of it, puts it at one-fifth of the country’s GDP.
According to a Bengaluru-based think tank, Centre for Internet and Society (CIS), their research shows that some of India’s largest technology companies still do not comply with Section 43 A.
“We have a minimal data protection law in our IT Act and that will apply to all the fintech players. But, our ISPs (internet service providers) and telcos don’t comply with Section 43 A. So you can imagine compliance will be even lower in the fintech sector,” says Sunil Abraham, executive director, CIS.
The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services, several of them destitutes who until recently did not even own bank accounts. While the issue is not being completely ignored by the authorities, some of the proposed workarounds, such as creating a virtual sandbox around digital payment services have raised questions.
But however noble may the intentions be behind pulling the plug on cash, electronic transactions remain vulnerable as ever. RBI started to act on it since the day the news broke out.
It decided to limit the maximum balance on digital wallets to Rs. 10,000 per user, as a safeguard against any impending security breaches. By November 23rd, the banking regulator increased the limit to Rs. 20,000.
And only last week, India’s leading electronic wallet provider, Paytm, rolled out the option for customers to increase their wallet balance to a maximum of Rs. 1 lakh upon completing the know-your-customer (KYC) procedure done.
“There are no legal mechanisms available in case of disputes pertaining to digital payments. The compliance to the Indian cyber law is more done in the breach rather than in compliance,” adds Duggal. While concrete laws around digital transactions might take years to be framed and implemented, Abraham says, we can start with a few things as a start to improving India’s cyber security of digital payment services.
Under Section 43 A, there are provisions to allow a sector to form a consortium that agrees to set security standards. All players must follow this, which is valid in a court of law during dispute resolution. Vijay Shekhar Sharma, the founder of Paytm, says a dispute mechanism similar to what is done in the case of credit or debit fraud, is followed when a customer has an issue. “Regulation in digital money works just like in the case of cards. It is the issuer, in this case, the wallet companies that has to resolve the problem. If not, the next stop is consumer court,” says Sharma. “There is no ambiguity in this.”
This might be a ripe time for India’s fin-tech companies to come together and think of foolproof security standards for transactions of this nature, because, as always the government is stretched thin and it may be a good idea to pitch in some expert opinion.
Once laws come into play, India may see an increased flow of FDI in this sector, as apprehension surrounding digital payments in India may dissipate eventually.
Until then, pay safely! Keep visiting www.acadgild.com for more updates on the courses

2 Comments

Hi dear madam,
I am Shivdeepsinh Zala from bhavnagar, Gujrat. And I completed my master in Msc. It. And I want to learn cyber security n ethical hacking , but I have some limitations for this . And I want your help can you contact me for this ? My mail Id is [email protected] n contact number is 8320837188
Thank you,

Hello Shivdeepsinh,
Thank you for your question! We have forwarded your query and contact details to the concerned department. They will get in touch with you soon. You can also e-mail your questions at [email protected] or call at (+91) 888 002 5025.
Keep checking this space for more updates.
Happy learning!